Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

The lack of token approval in the `LLMOracleRegistry::register` function will cause user registrations to fail due to transaction reverts.

Summary

Since the user will be an EOA, and there is no way to approve the token inside the function `LLMOracleRegistry::register`, the transaction will always revert.

Vulnerability Details

From the protocol docs, under "LLM Oracle node owner": Each oracle node can be thought of as an EOA that needs to register to the registry with some stake.

The function lacks functionality to approve the contract for the token amount, causing the InsufficientFunds() revert to always occur and preventing users from registering as oracles.

function register(LLMOracleKind kind) public {
    uint256 amount = getStakeAmount(kind);
    // ensure the user is not already registered
    if (isRegistered(msg.sender, kind)) {
        revert AlreadyRegistered(msg.sender);
    }
@>  // ensure the user has enough allowance to stake
@>  if (token.allowance(msg.sender, address(this)) < amount) {
@>      revert InsufficientFunds();
    }
    token.transferFrom(msg.sender, address(this), amount);
    // register the user
    registrations[msg.sender][kind] = amount;
    emit Registered(msg.sender, kind);
}

Impact

Without the ability to approve the contract for token transfers, users will be unable to register as oracles, which will hinder the protocol's functionality, as it relies on these oracles, including validators and generators.

Tools Used

Manual Review.

Recommendations

Make the following changes.

function register(LLMOracleKind kind) public {
uint256 amount = getStakeAmount(kind);
// ensure the user is not already registered
if (isRegistered(msg.sender, kind)) {
revert AlreadyRegistered(msg.sender);
}
+ // Ensure the user has enough balance
+ if (token.balanceOf(msg.sender) < amount) {
+ revert InsufficientFunds();
+ }
+ // approve the contract with amount.
+ token.approve(address(this), amount);
// ensure the user has enough allowance to stake
if (token.allowance(msg.sender, address(this)) < amount) {
revert InsufficientFunds();
}
token.transferFrom(msg.sender, address(this), amount);
// register the user
registrations[msg.sender][kind] = amount;
emit Registered(msg.sender, kind);
}
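
Review bot: The added `token.approve(address(this), amount)` is executed by the registry, so inside the token `msg.sender` is the registry and the call sets the registry's allowance to itself; the `token.allowance(msg.sender, address(this))` check that follows reads the user's allowance and is unchanged by it. An ERC-20 allowance can only be granted by the token owner, so the approve line should be dropped and the user's `approve` of the registry address left as a separate transaction sent from the EOA before `register`. The added `balanceOf` check also reuses `InsufficientFunds()`, which makes a low balance indistinguishable from a missing allowance; a distinct error would be clearer if the check is kept.
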
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
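
The allowance check in `register` can be traced with a small in-memory model of ERC-20 semantics, in which `sender` stands in for `msg.sender`. This is an added example, not code from the submission or the Dria project; the `Token` and `Registry` classes, the `approveInside` option, the account name `alice` and the amounts are constructed for illustration.

```javascript
// Simplified in-memory model of ERC-20 allowance semantics (constructed for illustration).
// `sender` stands in for msg.sender as seen by the contract being called.
class Token {
  constructor(balances) {
    this.balances = new Map(Object.entries(balances));
    this.allowances = new Map(); // key: "owner>spender"
  }
  balanceOf(a) { return this.balances.get(a) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}>${spender}`) ?? 0n; }
  approve(sender, spender, amount) {
    // The owner of the allowance is always the caller of approve().
    this.allowances.set(`${sender}>${spender}`, amount);
  }
  transferFrom(sender, from, to, amount) {
    const allowed = this.allowance(from, sender);
    if (allowed < amount || this.balanceOf(from) < amount) throw new Error("ERC20: transfer failed");
    this.allowances.set(`${from}>${sender}`, allowed - amount);
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
}

class Registry {
  constructor(token, stake) {
    this.address = "registry"; this.token = token; this.stake = stake;
    this.registrations = new Map();
  }
  // Mirrors the register() logic quoted on this page; approveInside models a contract-side approve.
  register(sender, { approveInside = false } = {}) {
    if (this.registrations.has(sender)) throw new Error("AlreadyRegistered");
    // When the registry calls the token, msg.sender inside the token is the registry.
    if (approveInside) this.token.approve(this.address, this.address, this.stake);
    if (this.token.allowance(sender, this.address) < this.stake) throw new Error("InsufficientFunds");
    this.token.transferFrom(this.address, sender, this.address, this.stake);
    this.registrations.set(sender, this.stake);
  }
}

function tryRegister(registry, user, opts) {
  try { registry.register(user, opts); return "Registered"; } catch (e) { return e.message; }
}

function demo() {
  const token = new Token({ alice: 100n });
  const registry = new Registry(token, 10n);
  const noApproval = tryRegister(registry, "alice");
  const contractSideApprove = tryRegister(registry, "alice", { approveInside: true });
  token.approve("alice", registry.address, 10n); // separate transaction sent by the EOA
  const afterEoaApprove = tryRegister(registry, "alice");
  return { noApproval, contractSideApprove, afterEoaApprove, staked: token.balanceOf("registry") };
}
```

In the model, registration reverts with `InsufficientFunds` until the allowance is granted by `alice` herself; an approve issued from inside the registry does not change her allowance.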
